DefaultStateManager.assessStates() can be DOS if there is enough protection pools
Summary
If too many protection pools are created, DefaultStateManager.assessStates() will revert.
Vulnerability Detail
When a protection pool is created, it is pushed to protectionPoolStates.
assessStates() which is a function called daily by the protocol, loops through the entire protectionPoolStates array. If it is large enough, the call will revert with an out-of-gas error.
Impact
assessStates reverting means it is impossible to update the states of the pools, preventing unlocking pools that need to be (or vice-versa)
joestakey
medium
DefaultStateManager.assessStates()can be DOS if there is enough protection poolsSummary
If too many protection pools are created,
DefaultStateManager.assessStates()will revert.Vulnerability Detail
When a protection pool is created, it is pushed to
protectionPoolStates.assessStates()which is a function called daily by the protocol, loops through the entireprotectionPoolStatesarray. If it is large enough, the call will revert with an out-of-gas error.Impact
assessStatesreverting means it is impossible to update the states of the pools, preventing unlocking pools that need to be (or vice-versa)Code Snippet
https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/core/DefaultStateManager.sol#L126
Tool used
Manual Review
Recommendation
Add a check in
registerProtectionPool()to ensureprotectionPoolStatesnever exceeds a pre-defined upper limit.